Frequently Asked Questions




  1. Digital Certification
    1. How Does it Work?
      • Basically, the Digital Certificate works as a type of virtual ID card that allows the author of a message or of a transaction over a computer network to be securely identified. The digital certification process employs quite complex logical and mathematical procedures to assure confidentiality, integrity of information and confirmation of authorship.

        The Digital Certificate is an electronic document digitally signed by a trustworthy third party, which identifies an entity, whether an individual person or company, associating it with a public key. A digital certificate contains the data of the holder, such as name, date of birth, public key, name and signature of the Certifying Authority that issued it. It may also contain complementary data such as Individual Tax Payer Registration number, Voter Certificate number, Personal ID card number, etc.

    2. What is a digital signature?
      • The digital signature is a form of electronic signature, which results from a mathematical operation that employs cryptography and allows the origin and integrity of a document to be safely verified. The digital signature is linked to the electronic document in such a way that, in the event any changes are made to the document, the signature becomes invalid. This technique allows one not only to verify the authorship of a document, but to establish a “logical immutability” in its content, as any alteration to the document – for example, the insertion of an additional space between two words – invalidates the signature.

    3. Is digital signature the same as digitalized signature?
      • No. The digitalized signature is the reproduction of a written signature as a scanned image. It does not guarantee the authorship and integrity of the electronic document, since it can be easily copied and inserted in another document and there is no unequivocal association between the signer and the digitalized text.
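
Added example (not part of the original FAQ): the behaviour described in answers 2 and 3, using SHA-256 and unpadded textbook RSA from the Python standard library. The key is a constructed demo key built from two publicly known primes, and the function names and sample documents are assumptions for illustration; production signatures use secret random primes and a padding scheme.

```python
import hashlib

# Constructed demo key: two publicly known Mersenne primes. Real keys use
# secret random primes; this modulus is trivially factorable.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (holder only)


def digest(document: bytes) -> int:
    """SHA-256 of the document as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Private-key operation: only the holder of D can produce this value."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Public-key operation: anyone holding (N, E) can check the signature."""
    return pow(signature, E, N) == digest(document)


def demo() -> dict:
    contract = b"Pay 100 to Alice"             # constructed sample document
    spaced = b"Pay 100  to Alice"              # one extra space inserted
    other = b"Pay 900 to Bob"                  # a different document
    sig = sign(contract)
    return {
        "original": verify(contract, sig),      # signature matches
        "extra_space": verify(spaced, sig),     # altered text, signature fails
        "copied_to_other": verify(other, sig),  # signature pasted elsewhere fails
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16} valid={ok}")
```

Unlike a scanned image of a handwritten signature, the signature value is computed from the document's hash, so copying it onto different text fails verification.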

    4. What is Cryptography?
      • The word cryptography is Greek in origin and means the art of writing in codes, in such a way as to hide information in the form of an incomprehensible text. Ciphering, or the coding process, is executed by a computer program which carries out a series of mathematical operations, transforming clear text into ciphered text by means of a secret key. The party issuing the document sends the ciphered text to the receiver, who reprocesses it; it is transformed back into legible text as long as the correct key is used.

    5. What types of cryptography exist?
      • There are two types of cryptography: symmetric and asymmetric. Symmetric cryptography is based on algorithms which depend on a common key, called the secret key, which is used both in ciphering and deciphering the text. To assure the integrity of transmitted data, it is indispensable that only the issuing and receiving parties know the key. The problem with symmetric cryptography is the need to share the secret key with all who must read the message, which makes it possible for any of the parties to alter the document. Asymmetric cryptography uses a pair of keys which differ from each other and are mathematically related by means of an algorithm, in such a way that text ciphered by one key can only be deciphered by the other key in the pair. The two keys involved in asymmetric cryptography are called the public and private key. The former may be known to the public at large, while the private key is known only to its holder.

    6. What is the main information contained in a digital certificate?
      • The main information which a digital certificate contains is the holder’s public key; name and e-mail address; validity term for the certificate; name of the Certifying Authority – CA that issued the certificate; serial number of the certificate; and the CA’s digital signature.

    7. What are the advantages to companies or individuals buying a digital certificate?
      • Agility, cost reduction and security are the principal advantages of digital certification. Today, digital certification allows processes that formerly had to be carried out in person or by means of countless paper documents to be conducted entirely by electronic means. With this, processes have become less bureaucratic, faster and, therefore, cheaper. Digital certification guarantees authenticity and integrity. A document with a digital signature is as valid as one signed manually on paper.

    8. Is an electronically-signed document recognized in the same manner as a document signed manually?
      • As determined by the text of paragraph 2, Article 10 of the Provisionary Measure (MP) nº 2.200-2, dated August 24, 2001, electronic documents signed digitally using Private Digital Certificates are legally valid; however, both issuing and receiving parties must agree to this for the documents to be as valid as paper documents signed manually.

        According to Article 10 of the Provisionary Measure (MP) nº 2.200-2, dated August 24, 2001, electronic documents signed digitally using certificates issued under ICP-Brasil governance are as legally valid as paper documents signed manually.

    9. What caution should one exercise when using digital certification?
      • Firstly, one should remember that the digital certificate represents one’s identity in the virtual world. Care should therefore be taken to prevent someone else from using it to close contracts and/or business deals and conduct banking transactions in the name of the holder of the certificate. Recommendations for the use of a digital certificate:

        1. The private key’s access password as well as the private key itself should not be shared with anyone;

        2. In the event the computer which was used to generate the pair of cryptographic keys is shared by multiple users, saving the private key on the hard drive is not recommended as the other users may have access to it. Better to save it to a diskette, smart card or token;

        3. If the private key is stored on a computer’s hard drive, this computer should be kept safe from unauthorized access. It should be kept physically secure; never leave the room open and unattended if you must leave the computer on while you’re away. Also, use a password-protected screen saver. Beware of computer viruses that can damage your private key;

        4. If the software for generating the pair of keys features the option for inserting a password for protecting the private key, it is recommended that you use it. Not using a password means that anyone using the computer can pass for the holder of the private key, signing contracts and moving bank accounts. Generally speaking, it’s a lot easier to use a password than to physically protect a computer;

        5. Use a long password, mixing letters and numbers, as there are programs that discover passwords. Avoid using personal data such as the names of a spouse or children, birth dates, addresses, telephone numbers or any other information related to the person. The password should never be written down; it is better to memorize it.

    10. Does the digital certificate have a validity term?
      • Yes. The digital certificate, unlike documents usually employed for personal identification such as the Individual Tax Payer Registration card or Personal ID card, has a validity term. A document can only be signed using it while it is valid. The user may request certificate renewal from the CA after the validity term has expired.

    11. Why not issue certificates without a validity term?
      • Because each time the validity of a certificate is renewed, so is the relationship of trust between the holder and the CA. This renewal may be necessary for replacing the private key with a more technologically advanced one or due to changes in the user’s data. These alterations aim at strengthening security in relation to the certification techniques and to the information contained in certificates.

  2. Timestamp
    1. What is a timestamp?
      • The timestamp is an electronic document issued by a trustworthy Timestamp Authority (TA) which acts as evidence that digital information existed at a certain date and time in the past.

    2. What is a Timestamp Authority (TA)?
      • A Timestamp Authority is an entity certified by the Brazilian National Observatory (Observatório Nacional do Brasil - ON), an institution linked to the Ministry of Science and Technology (Ministério da Ciência e Tecnologia - MCT), which is legally responsible for generating, maintaining and disseminating the Brazilian Legal Time. This technology allows Brazilian Legal Time to be affixed to digital documents in a safe, authentic and subject-to-audit form, and as such is not only proof of time but also a guarantee of content.

    3. What purpose does the Timestamp serve?
      • The timestamp is used to associate a certain hash (DNA) – content guarantee – of a document, signed electronically or not, to a specific time and date of existence. It is important to note that the timestamp reports the date and time a document was received by the issuing entity, and not the date this document was created.